NextGen$'s blog/Sun, 26 Jul 2015 21:45:00 +0100Application firewalling with netfilter (part 2)/posts/2015/07/application-firewalling-with-netfilter-part-2/<p>Last time we looked into <a class="reference external" href="/posts/2015/07/application-firewalling-with-netfilter/">how to do application firewalling with netfilter</a> and came up with an answer whose dependencies aren't shipped by mainstream distributions just yet. Today we will find another way of doing the same thing with the tools everyone has.</p>
<div class="highlight"><pre><span></span><span class="c1"># install dependencies</span>
sudo apt-get install sudo …</pre></div>Florent DaignièreSun, 26 Jul 2015 21:45:00 +0100tag:None,2015-07-26:/posts/2015/07/application-firewalling-with-netfilter-part-2/sysadminblogApplication firewalling with netfilter/posts/2015/07/application-firewalling-with-netfilter/<p>Today I've stumbled upon <a class="reference external" href="https://linuxfr.org/forums/linux-general/posts/cas-d-utilisation-n-autoriser-que-firefox-a-sortir-sur-les-ports-http-s">a post</a> from my friend <a class="reference external" href="http://blog.tuttu.info/">Feth</a>, asking whether allowing <strong>only firefox</strong> to access the internet was possible on Linux... Of course it is! Here's one of the many ways:</p>
<div class="highlight"><pre><span></span><span class="c1"># setup the firewall</span>
sudo iptables -F OUTPUT
sudo iptables -P OUTPUT DROP
sudo iptables -A OUTPUT -m …</pre></div>Florent DaignièreThu, 23 Jul 2015 15:08:00 +0100tag:None,2015-07-23:/posts/2015/07/application-firewalling-with-netfilter/sysadminblogDisabling connection tracking on bridge interfaces created by libvirt/posts/2015/07/disabling-connection-tracking-on-bridge-interfaces-created-by-libvirt/<p>Today I got bitten by a problem I've already encountered in the past... and as I didn't document it properly, I had to google it again! Let this blog entry be a more permanent documentation than the previous one.</p>
<p>Early in the morning, the supervision system has started alerting me …</p>Florent DaignièreWed, 22 Jul 2015 10:02:00 +0100tag:None,2015-07-22:/posts/2015/07/disabling-connection-tracking-on-bridge-interfaces-created-by-libvirt/sysadminblogNetflix ultimate geolocation bypass with an edgerouter/posts/2015/01/netflix-ultimate-geolocation-bypass-with-an-edgerouter/<p>It looks like <a class="reference external" href="http://www.engadget.com/2015/01/03/netflix-clamps-down-on-vpns/">Netflix has updated their geolocation code</a>... attempting to prevent their users from watching content intended for other regions. This post explores a few technical avenues one might consider to bypass it.</p>
<p>Googling around, it becomes increasingly clear that many people are making a living out of selling …</p>Florent DaignièreMon, 05 Jan 2015 19:06:00 +0000tag:None,2015-01-05:/posts/2015/01/netflix-ultimate-geolocation-bypass-with-an-edgerouter/edgeroutersysadminblogCVE-2014-1409 or the sad tale of an XPath injection affecting mobileiron products/posts/2014/06/cve-2014-1409-or-the-sad-tale-of-an-xpath-injection-affecting-mobileiron-products/<p>Following up on my last post about <a class="reference external" href="https://www.owasp.org/index.php/XPATH_Injection">XPath</a> injections, I will document part of the process we went through to exploit <a class="reference external" href="https://www.trustmatta.com/advisories/MATTA-2013-004.txt">CVE-2014-1409</a> and hopefully convince a few that this category of bugs is no joke and should be looked for during pentests.</p>
<p>So, what about it? Well, let me tell …</p>Florent DaignièreMon, 23 Jun 2014 11:06:00 +0100tag:None,2014-06-23:/posts/2014/06/cve-2014-1409-or-the-sad-tale-of-an-xpath-injection-affecting-mobileiron-products/exploitationsecurityblogExploiting XPath injection vulnerabilities with XCat/posts/2014/06/exploiting-xpath-injection-vulnerabilities-with-xcat/<p><a class="reference external" href="https://www.owasp.org/index.php/XPATH_Injection">XPath</a> injection bugs are relatively common in web applications, yet it's a vulnerability class ignored by the vast majority of pentesters.</p>
<p>I think that there are two main reasons for that:</p>
<ul class="simple">
<li>The tooling to exploit this type of vulnerability sucks.</li>
<li>There are very few documented cases of &quot;useful&quot; bugs being …</li></ul>Florent DaignièreSat, 21 Jun 2014 11:06:00 +0100tag:None,2014-06-21:/posts/2014/06/exploiting-xpath-injection-vulnerabilities-with-xcat/securityblogIs SantanderUK compromised?/posts/2014/03/is-santanderuk-compromised/<p>This morning I received a special spam, the kind that warrants a blog post.</p>
<p>It's interesting for several reasons:</p>
<ul class="simple">
<li>It has my name in the Subject Header</li>
<li>It came through an address that I have only given to my bank</li>
<li>It uses a clever old-school trick to avoid <a class="reference external" href="https://en.wikipedia.org/wiki/Bayesian_spam_filtering">bayesian …</a></li></ul>Florent DaignièreTue, 25 Mar 2014 10:10:00 +0000tag:None,2014-03-25:/posts/2014/03/is-santanderuk-compromised/pwnedblogsecuritybankingspamHello world!/posts/2014/03/hello-world/<p>This is our first post!! A classic</p>
<div class="highlight"><pre><span></span><span class="k">print</span><span class="p">(</span><span class="s2">&quot;HELO world!&quot;</span><span class="p">)</span>
</pre></div>
<p>See you soon ;)</p>
Florent DaignièreFri, 21 Mar 2014 11:06:00 +0000tag:None,2014-03-21:/posts/2014/03/hello-world/helloworldblogfirst